browse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands that explicitly set or list cookie values (e.g., cookie.set --value "abc123" and browse cookies) and other examples that embed literal secret-like values in CLI commands, which would require the agent to handle or emit secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill can open arbitrary web pages (browse tab.new, navigate) and explicitly reads page content and network responses (page.text, page.read, page.read --all, network.body), so it ingests untrusted public/user-generated web content that the agent will parse and act on.